Age | Commit message (Collapse) | Author | Files | Lines |
|
Changes:
o Fixed bug in UDP connection code, using pktinfo support. [BUG #796765]
o Fixed a segfault in the DNS lookup routines, caused by invalid DNS
configurations.
o Fixed two compilation issues on SCO Unix 3.2 v 5.0.4. [BUG #857650],
[BUG #857657]
o Fixed bug in command line switch `-i' on non-linux OS such as Solaris.
[BUG #864780]
o The debugging support now works on libc's that don't allow NULL pointers
passed for string (`%s') modifiers.
|
|
Changes:
* Made code thread safe by replacing gethostbyname with gethostbyname_r
* Added GeoIP_country_code_by_ipnum and GeoIP_id_by_ipnum to use
existing ulong IP Address in numeric form instead of having to
convert it to string (Boris Hajduk)
* Updated geoipupdate to report invalid userID and productID errors
* Added support for GEOIP_INDEX_CACHE - which just caches
the most frequently access index portion of the database, resulting
in faster lookups than GEOIP_STANDARD, but less memory usage than
GEOIP_MEMORY_CACHE (Frank Mather)
* Made GEOIP_CHECK_CACHE work with GEOIP_STANDARD mode - reloads filehandle
in case file changes.
* Made GeoIP City code thread safe
* Fixed bug with geoipupdate reading in product ids
* Added support for GeoIP Netspeed geoipupdate
* Fix memleak in lookupaddress (Ludwig Nussel/SUSE)
* Add prototype for _full_path_to to make 64bit clean (Ludwig Nussel/SUSE)
|
|
so CFLAGS is used as set in the standard make(1) rules of the platform.
This should fix the problem that "-pipe" is not available on IRIX.
Don't use mv(1) or rm(1) when installing -- the binary should not be
there anyway when using pkgsrc.
Don't define ${INSTALL} -- it should be pointing to the BSD install(1)
already in the standard make(1) rules of the platform (or somehow
inherited from pkgsrc rules). Works for NetBSD, untested elsewhere.
Based on suggestions in PR pkg/27429 by Georg Schwarz.
|
|
GPL now a problem? doh...)
|
|
Major changes:
Update databases
General:
- replace md5 function from openssl with a copy of coreutils (licence issue)
- add support for IEEE/iab.txt database
ipv6calc:
- add support for recognizing 6to4 addresses generated by
Microsoft OS
ipv6logconv:
- add support for recognizing 6to4 addresses generated by
Microsoft OS
- add support for ISATAP addresses
|
|
* Bug fix for compact peer address acquisition
* Addition of peer identifier
|
|
* Color-coded protocol dialog
* Some tweaks to compile with newer distros
|
|
1.8.17nb3).
|
|
- FIX: network interface index was not being initialized correctly on non-Linux platforms
- FIX: sw_mdns_stub_init() was not initializing m_pending_ops
- FIX: autoipd was not handling return code from fcntl correctly
- FIX: portability patches from GNOME team
- integration of patches necessary to build and run on Solaris
- Separate Apple code into separate mDNSResponder library.
- Add sw_discovery_query_record() to discovery API to query individual resource records
- Support for discovery operations on specific network interfaces
- Support for 64 bit Linux
- FIX: client side memory leak when cancelling discovery operations
- FIX: FreeBSD mDNSResponder didn't work with -a switch
- FIX: mDNSResponder would occasionally crash when waking from sleep on Windows
- FIX: mDNSResponder code for parsing config files had buffer overflow
|
|
and the author does not maintain it any longer.
|
|
|
|
|
|
Changes:
20041022
- (dtucker) Release 3.6p1.
20041015
- (dtucker) [configure.ac openbsd-compat/inet_pton.c] Fix a couple of silly
errors that prevented it from working on OS X; from mouring@
20041014
- (dtucker) configure.ac defines.h includes.h openbsd-compat/Makefile.in
openbsd-compat/fake-rfc2553.c openbsd-compat/fake-rfc2553.h
openbsd-compat/inet_pton.c openbsd-compat/openbsd-compat.h] Add support
for platforms that do not have a native getaddrinfo interface, based on
OpenSSH's compatibility interface and OpenBSD's inet_pton.
- (dtucker) [openbsd-compat/openbsd-compat.h openbsd-compat/bsd-misc.c]
Compat functions for seteuid and setegid from OpenSSH. ntpd will now work
on HP-UX.
- (dtucker) [Makefile.in openbsd-compat/Makefile.in
openbsd-compat/openbsd-compat.h] Set CPPFLAGS so older make's work.
- (dtucker) [config.c configure.ac] Check for sin6_scope_id.
- (dtucker) [openbsd-compat/fake-rfc2553.h] remove sin6_scope_id to re-sync
with OpenSSH.
- (dtucker) [README] Update.
20041003
- (dtucker) [openbsd-compat/asprintf.c] Ensure than string is freed if
vsnprintf fails.
20041002
- (dtucker) [configure.ac] Look for res_9_init in libresolv too, needed on
Mac OS X. From samh at granada-learning com.
- (dtucker) [configure.ac includes.h] Check for and include netdb.h, prevents
"redefinition of EAI_NODATA" errors.
20040912
- (dtucker) OpenBSD CVS Sync
- henning@cvs.openbsd.org 2004/09/07 22:43:07
[server.c]
ignore ntp_sendmsg()s return value in server_dispatch. could result in
ntpd exiting on sendmsg() failures, which is not desired.
- henning@cvs.openbsd.org 2004/09/09 21:50:33
[ntp.c]
correctly track peer count. fixes a memory corruption.
with & ok otto millert claudio, ok deraadt canacar
20040904
- (dtucker) [defines.h] FreeBSD 5.x does not have EAI_NODATA, so define to
EAI_NONAME. From naddy at mips.inka.de.
- (dtucker) [configure.ac openbsd-compat/bsd-arc4random.c] Add support for
building without OpenSSL (./configure --with-builtin-arc4random), based
on arcfour routines from nanocrypt by Damien Miller. Requires /dev/urandom
device.
- (dtucker) [configure.ac ntpd.c] Set SIGCHLD to SIG_DFL on Linux.
20040901
- (dtucker) OpenBSD CVS Sync
- henning@cvs.openbsd.org 2004/08/24 15:23:19
[config.c ]
don't fatal() if getaddrinfo() returns EAI_NONAME
- deraadt@cvs.openbsd.org 2004/08/30 11:50:56
[ntp_msg.c]
ENOBUFS, EHOSTUNREACH, ENETDOWN and EHOSTDOWN are bad reasons to log;
ok otto henning
- deraadt@cvs.openbsd.org 2004/08/30 11:52:04
[config.c]
skip early DNS lookups -- they are deferred to later; ok otto ho henning
- henning@cvs.openbsd.org 2004/08/30 12:02:59
[config.c]
don't forget to set *hn... theo ok
- (dtucker) [README] Update platforms.
- (dtucker) [configure.ac] Add product name to AC_INIT
20040825
- (dtucker) [ntpd.conf] Sync with OpenBSD, requested by henning@.
|
|
to use common option names were possible, so change these instances of
"pam" to "PAM" to match existing usage.
|
|
|
|
PKG_OPTIONS.<pkg>+= foo blah
|
|
|
|
|
|
Ian Zagorskhi, with small changes by me.
OpenVPN is a robust and highly flexible tunneling application
that uses all of the encryption, authentication, and certification
features of the OpenSSL library to securely tunnel IP networks over
a single TCP/UDP port.
|
|
available using the suse91 packages, add missing dependencies; pointed
out by agc@.
Bump PKGREVISION.
|
|
|
|
Skype is a free program that uses the latest P2P technology to bring
affordable and high-quality voice communications to people all over
the world.
|
|
- Fix builds with LDAP support
- Bump PKGREVISION
Thanks to Dave.Tyson (at) liverpool.ac.uk for testing a lot of these patches
on the 1.6 branch.
|
|
|
|
NetBSD/amd64. OK'd by tron@.
|
|
former) for applications that are known to require C++.
|
|
|
|
|
|
- Fixed bug in localization
- Memory leak fixed
- Localization added, thanks to Mario Scheel
- Tray icon support added, thanks to Thomas Zell
- Some errors fixed
|
|
|
|
|
|
net/p5-Net-XWhois
security/p5-Crypt-RandPasswd
to their respective parent Makefiles.
|
|
The Net::XWhois class provides a generic client framework for doing
Whois queries and parsing server response.
|
|
|
|
automatically by pthread.buildlink3.mk. Also, factor out the pthread
library out of PTHREAD_LDFLAGS into a standalone variable PTHREAD_LIBS
and use it in packages where necessary (usually the ones that don't
have a GNU configure script).
|
|
|
|
Changes in version 0.0.8.1 - 2004-10-14
o Bugfixes:
- Fix a seg fault that can be triggered remotely for Tor
clients/servers with an open dirport.
- Fix a rare assert trigger, where routerinfos for entries in
our cpath would expire while we're building the path.
- Fix a bug in OutboundBindAddress so it (hopefully) works.
- Fix a rare seg fault for people running hidden services on
intermittent connections.
- Fix a bug in parsing opt keywords with objects.
- Fix a stale pointer assert bug when a stream detaches and
reattaches.
- Fix a string format vulnerability (probably not exploitable)
in reporting stats locally.
- Fix an assert trigger: sometimes launching circuits can fail
immediately, e.g. because too many circuits have failed recently.
- Fix a compile warning on 64 bit platforms.
Changes in version 0.0.8 - 2004-08-25
o Bugfixes:
- Made our unit tests compile again on OpenBSD 3.5, and tor
itself compile again on OpenBSD on a sparc64.
- We were neglecting milliseconds when logging on win32, so
everything appeared to happen at the beginning of each second.
- Check directory signature _before_ you decide whether you're
you're running an obsolete version and should exit.
- Check directory signature _before_ you parse the running-routers
list to decide who's running.
- Check return value of fclose while writing to disk, so we don't
end up with broken files when servers run out of disk space.
- Port it to SunOS 5.9 / Athena
- Fix two bugs in saving onion keys to disk when rotating, so
hopefully we'll get fewer people using old onion keys.
- Remove our mostly unused -- and broken -- hex_encode()
function. Use base16_encode() instead. (Thanks to Timo Lindfors
for pointing out this bug.)
- Only pick and establish intro points after we've gotten a
directory.
- Fix assert triggers: if the other side returns an address 0.0.0.0,
don't put it into the client dns cache.
- If a begin failed due to exit policy, but we believe the IP
address should have been allowed, switch that router to exitpolicy
reject *:* until we get our next directory.
o Protocol changes:
- 'Extend' relay cell payloads now include the digest of the
intended next hop's identity key. Now we can verify that we're
extending to the right router, and also extend to routers we
hadn't heard of before.
o Features:
- Tor nodes can now act as relays (with an advertised ORPort)
without being manually verified by the dirserver operators.
- Uploaded descriptors of unverified routers are now accepted
by the dirservers, and included in the directory.
- Verified routers are listed by nickname in the running-routers
list; unverified routers are listed as "$<fingerprint>".
- We now use hash-of-identity-key in most places rather than
nickname or addr:port, for improved security/flexibility.
- AllowUnverifiedNodes config option to let circuits choose no-name
routers in entry,middle,exit,introduction,rendezvous positions.
Allow middle and rendezvous positions by default.
- When picking unverified routers, skip those with low uptime and/or
low bandwidth, depending on what properties you care about.
- ClientOnly option for nodes that never want to become servers.
- Directory caching.
- "AuthoritativeDir 1" option for the official dirservers.
- Now other nodes (clients and servers) will cache the latest
directory they've pulled down.
- They can enable their DirPort to serve it to others.
- Clients will pull down a directory from any node with an open
DirPort, and check the signature/timestamp correctly.
- Authoritative dirservers now fetch directories from other
authdirservers, to stay better synced.
- Running-routers list tells who's down also, along with noting
if they're verified (listed by nickname) or unverified (listed
by hash-of-key).
- Allow dirservers to serve running-router list separately.
This isn't used yet.
- You can now fetch $DIRURL/running-routers to get just the
running-routers line, not the whole descriptor list. (But
clients don't use this yet.)
- Clients choose nodes proportional to advertised bandwidth.
- Clients avoid using nodes with low uptime as introduction points.
- Handle servers with dynamic IP addresses: don't just replace
options->Address with the resolved one at startup, and
detect our address right before we make a routerinfo each time.
- 'FascistFirewall' option to pick dirservers and ORs on specific
ports; plus 'FirewallPorts' config option to tell FascistFirewall
which ports are open. (Defaults to 80,443)
- Try other dirservers immediately if the one you try is down. This
should tolerate down dirservers better now.
- ORs connect-on-demand to other ORs
- If you get an extend cell to an OR you're not connected to,
connect, handshake, and forward the create cell.
- The authoritative dirservers stay connected to everybody,
and everybody stays connected to 0.0.7 servers, but otherwise
clients/servers expire unused connections after 5 minutes.
- When servers get a sigint, they delay 30 seconds (refusing new
connections) then exit. A second sigint causes immediate exit.
- File and name management:
- Look for .torrc if no CONFDIR "torrc" is found.
- If no datadir is defined, then choose, make, and secure ~/.tor
as datadir.
- If torrc not found, exitpolicy reject *:*.
- Expands ~/ in filenames to $HOME/ (but doesn't yet expand ~arma).
- If no nickname is defined, derive default from hostname.
- Rename secret key files, e.g. identity.key -> secret_id_key,
to discourage people from mailing their identity key to tor-ops.
- Refuse to build a circuit before the directory has arrived --
it won't work anyway, since you won't know the right onion keys
to use.
- Parse tor version numbers so we can do an is-newer-than check
rather than an is-in-the-list check.
- New socks command 'resolve', to let us shim gethostbyname()
locally.
- A 'tor_resolve' script to access the socks resolve functionality.
- A new socks-extensions.txt doc file to describe our
interpretation and extensions to the socks protocols.
- Add a ContactInfo option, which gets published in descriptor.
- Write tor version at the top of each log file
- New docs in the tarball:
- tor-doc.html.
- Document that you should proxy your SSL traffic too.
- Log a warning if the user uses an unsafe socks variant, so people
are more likely to learn about privoxy or socat.
- Log a warning if you're running an unverified server, to let you
know you might want to get it verified.
- Change the default exit policy to reject the default edonkey,
kazaa, gnutella ports.
- Add replace_file() to util.[ch] to handle win32's rename().
- Publish OR uptime in descriptor (and thus in directory) too.
- Remember used bandwidth (both in and out), and publish 15-minute
snapshots for the past day into our descriptor.
- Be more aggressive about trying to make circuits when the network
has changed (e.g. when you unsuspend your laptop).
- Check for time skew on http headers; report date in response to
"GET /".
- If the entrynode config line has only one node, don't pick it as
an exitnode.
- Add strict{entry|exit}nodes config options. If set to 1, then
we refuse to build circuits that don't include the specified entry
or exit nodes.
- OutboundBindAddress config option, to bind to a specific
IP address for outgoing connect()s.
- End truncated log entries (e.g. directories) with "[truncated]".
|
|
|
|
* Use VARBASE
|
|
to add -lmd on FreeBSD for the MD5 functions.
XXX this package should probably install a shared library, too
|
|
|
|
- Add a fix for crashes when processing EAP-PEAP requests
PR 28095 Konstantin.Kabassanov (at) lip6.fr
- Fix pthreads enabled builds on NetBSD systems < 2.0
- Replace patch-ai, patch-aj and patch-ak with SUBST_* (suggested by juan@)
|
|
Ok'ed manu@
|
|
make this use BUILDLINK_DEPMETHOD.<pkg>?= build.
|
|
[Yy][Ee][Ss], make this build again...
|
|
|
|
8.9.0 fixes for HTTP, SSLway and SMTP.
8.9.1 fixed proxy-HTTP for authentication and SSLtunnel (8.9.0)
8.9.2 extended CFI, supported SWF MOUNT, fixed FTP, making with SSL
8.9.3 added SMTPCONF=callback, fixed SSLway, FTP+SSL, Telnet, Tcprelay, etc.
8.9.4 added service shutdown on abort in child process, fixed FTP, gzip/HTTP
8.9.5 fix for Win32 (8.9.4),virtual host (8.9.3),added JIS to ASCII conv,etc.
8.9.6 fix for SSLway, CFI, AUTHORIZER, FTP, Resolvy, Socks5, added XML MOUNT, interface for FreyaSX, etc.
|
|
Common bugs fixed in 3.0.8 include:
o Compile fixes for HP-UX
o Fixes for the printer publishing code used when joined to
an AD domain.
o Incompatibilities with file system quotas.
o Several bugs in the spoolss printing code and print system
backends.
o Inconsistencies in the username map functionality when
configured on domain member servers.
o Various compile warnings and errors on various platforms.
o Fixes for kerberos interoperability with Windows 200x
domains when using DES keys.
o Fix for CAN-2004-0930 -- smbd remote DoS vulnerability.
New features included in the 3.0.8 release are:
o New migration functionality added the the net tool
for files/directories, printers, and shares.
o New experimental idmap backend for assigning uids/gids
directly based on the user/group RID when acting as a
member of single domain without any trusts.
o Additional printer migration support for XP/2003 platforms.
|
|
|
|
Makefiles. Fixes build on NetBSD 1.6.2.
|